Security Incidents mailing list archives

IIS and Windows NT/2000


From: yousuc <yousuc () DONUTBLEET COM>
Date: Wed, 9 May 2001 08:02:10 -0500

Just thought I would pass this information along for those running IIS
and Windows NT/2000.
I have 5 IIS servers on the net. All receive over 50 attempts a day from
various IPs.
So far no one has been able to compromise any of my servers, even if I
have not patched my servers with Microsoft’s latest patches.
I have set up NTFS like most administrators, but I have taken the time
to go through all my files and folders and set up permissions manually.
(Shouldn’t all administrators do this?) :-)
What I did was add IUSR_machinename to some files and folders where an
IUSR_machinename does not need access to or be able to gain access to
other folders on the machine.
By default most files and folders will allow EVERYONE Read & Execute
permissions.
For example on the latest exploit for IIS that exploits the use of
CMD.EXE I set up the permissions for IUSR_machinename to be denied or to
just READ only with NO EXECUTE.
I have caught over 20 IPs trying to use the UNICODE exploit from
05-05-2001 to 05-08-2001, all of which were unsuccessful.
So my point is that you should take the time to check/add/modify
NTFS permissions accordingly for any Windows NT/2000 Server.
Keeping up to date on the latest Microsoft Patches is another.
 
Anyways I hope that this sheds some light for other Security Focus
Administrators.
For those who wish to use my services to protect your servers and
information, you can reach me at my email below.
 
Sincerely,
 
Jay Ireland
mailto:jireland () donutbleet com
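
One way to count the kind of attempts the post mentions from IIS logs, as an added example that is not part of the original post: it scans W3C extended log lines for requests that reference cmd.exe or carry overlong UTF-8 byte sequences and tallies them per client IP. The log lines, field set and addresses are constructed and simplified, and treating a 2xx status as "served" is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Constructed, simplified sample lines in W3C extended log format.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-05-05 08:14:02 192.0.2.10 GET /default.htm 200
2001-05-05 09:31:47 198.51.100.7 GET /scripts/%c0%af/CMD.EXE 403
2001-05-06 02:10:05 198.51.100.7 GET /scripts/%c1%9c/cmd.exe 403
2001-05-07 17:45:30 203.0.113.44 GET /msadc/%c0%af/cmd.exe 200
2001-05-08 11:02:19 192.0.2.10 GET /images/logo.gif 200
"""

SHELL = re.compile(rb"cmd\.exe", re.IGNORECASE)
# 0xC0 and 0xC1 never appear in valid UTF-8; they only start overlong forms.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")


def scan(log_text):
    """Return {client_ip: {"attempts": n, "served": m}} for suspicious requests."""
    fields, hits = [], defaultdict(lambda: {"attempts": 0, "served": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Percent-decode to raw bytes so encoded and literal forms both match.
        stem = unquote_to_bytes(row.get("cs-uri-stem", ""))
        if SHELL.search(stem) or OVERLONG.search(stem):
            entry = hits[row.get("c-ip", "?")]
            entry["attempts"] += 1
            # Assumption: a 2xx status means the request was served and the
            # host needs a closer look; 4xx/5xx means it was refused.
            if row.get("sc-status", "").startswith("2"):
                entry["served"] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, e in sorted(scan(SAMPLE_LOG).items()):
        print(f"{ip}: {e['attempts']} attempt(s), {e['served']} served")
```

A non-zero "served" count for an address is the case to investigate first, since it means the request was not refused by the file permissions or the server.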
 

